Cross-Site Scripting Flaw in SAPUI5 Applications by SAP
CVE-2025-42990

3LOW

Key Information:

Vendor: SAP
Status: SAPui5 Applications
Vendor: CVE Published:; 10 June 2025

What is CVE-2025-42990?

SAPUI5 applications have a vulnerability that permits attackers with minimal privileges to inject harmful HTML code into web pages. This security flaw can lead to user redirection to malicious URLs, compromising the integrity of the application during interactions. Precautionary measures should be taken to secure applications against this form of attack to maintain user trust and operational integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SAPUI5 applications SAP_UI 750

SAPUI5 applications 754

SAPUI5 applications 755

References

https://me.sap.com/notes/3601169

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 10, 2025
Vulnerability Reserved
Apr 16, 2025

JSON

SAP